Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
So, I'm making a program in WindowsForm with C# and I have a Search Box, where the user can search a list of clients.
What I want to do is: when the user hits 'Search', select from the clients table all the lines that contains, in the name column, the text that the user had written. Like:
I have Alan and Mark registred in the clients table, and the user writes 'a' in the searchbox, it has to bring Alan and Mark, because they have the letter 'a' in their name.
string userInput = searchTextBox.Text;
string query = "select* from client where name like" + '%' + userInput + '%';
Now you can use that query.
[EDIT FOR SECURITY]
cmd.CommandText = "select* from client where name like #Name;";
cmd.Parameters.AddWithValue("#Name", "%" + userInput + "%");
A simple like will solve your problem:
Select * from yourtable where [name] like '%a%'
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 1 year ago.
Improve this question
I have a gridview of a SQL table. The first two columns automatically get selected and put into the grid when the webpage starts and a date is selected. The third column is a comment section where I'd like to let the user input comments themselves. I have a text box that they can enter comments in when they select a row, but I can get the column to update properly.
Run_DB_Script("update Log_Transfers set Comment = '" + tmpBox.Text + "' where '" + GridView1.Rows[Row] + "'", ref tmpErr);
The bracketed [Row] is a int that is set to the row number they put in.
It executes the code, but nothing is there after hitting update.
Building a SQL statement using the input from a user is opening the door for a SQL Injection hack. A better alternative is to use parameters.
// set up the sql command to run with parameter placeholders
// parameters are prefixed with an #
var command_text = "update Log_Transfers set Comment = #comment where #grid_row";
// Define the two parameters
SqlParameter comment = new SqlParameter("#comment",tmpBox.Text);
SqlParameter grid_row = new SqlParameter("#grid_row", ....);
SqlCommand cmd = new SqlCommand();
cmd.Text = command_text;
// Add the parameters to the command
cmd.Parameters.Add(comment);
cmd.Parameters.Add(grid_row);
cmd.Execute();
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 5 years ago.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Improve this question
The goal of the program is to pull data from the database depending on the index value that you enter in and then display the data linked to that index in the console.
You're missing whitespaces before the from and where keywords. Additionally, table is a reserved word in SQL, so you'll have to escape it:
String selectStatement = "SELECT ItemID, ItemName, ItemQty " +
// Whitespace--------------------^
"FROM [Table] " + // [Table] is escaped
// Whitespace^
"WHERE ItemId = #ItemId"
Because you forgot to add space between FROM table
Here is updated query.
Select ItemId, ItemName, ItemQty "+
"From Table "+
"Where ItemId=#ItemId";
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to store some string code in SQL like 120.002.123 or EXP.120.555. How can I split those strings to increase only the rightmost integer part? I don't want to change other parts of the string.
Ex. 120.002.124 or EXP.120.556
How can I do this in C#?
This might do the trick for you
string str = "EXP.120.556"; //120.002.123
str = String.Join(
".",
str.Split('.')
.Take(
str.Split('.').Length - 1
)
)
+ "." +
(
Convert.ToInt32
(
str.Split('.').LastOrDefault()
) + 1
).ToString();
So here in the code the first String.Join will join the other part of the string with . except of the last part which you want to increament using Take. Then Convert.ToInt32 will convert the last part of the string to a integer using LastOrDefault and then we add 1 to it and again convert it back to string using ToString
What you can do is to use String.Split method and split by . to get each individual number.
string test = "120.002.123";
string[] allparts = test.Split('.');
Then take the last entry and convert it to an integer
int lastNumber = Convert.ToInt32(allparts.Last());
Now you can do what ever you want with that integer.
With a little more research effort you could have solved it on your own.
Like this + this
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I found people with the same problem, but none of their solutions helped me.
string checkuser = "select count(*) from Table where Username ='" + TextBox1.Text + "'";
It says "Incorrect syntax near the keyword 'Table'."
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
something about the ToString line
Is your table actually called "Table"? If so, I'd recommend choosing a different name. If you really must call it "Table", then escape it with backquotes:
select count(*) from `Table` where Username = #Username
Also, you really should not insert the raw value from your textbox into a SQL query. That makes you prone to SQL injection attacks. Instead, you should make a #Username parameter for the query and pass the value through the parameter.
If your table name is table then it is causing error because the table is use as a keyword by sql
use something like this
select count(*) from [Table] where Username = '" + TextBox1.Text + "'";
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I need to update sql table, i.e. if I have in table spicific record I want to update the record if record dosen't exist I need to add it to the table.
How can I implemet it ?
Thank you in advance.
If I understand you correctly, you want to add columns, with some values. You need to use alter query with default constraint:
ALTER TABLE {TABLENAME}
ADD {COLUMNNAME} {TYPE} {NULL|NOT NULL}
CONSTRAINT {CONSTRAINT_NAME} DEFAULT {DEFAULT_VALUE}
Or if you want to check that a record or row is available in data or not and if not you want to insert that row then you need if not exist:
IF NOT EXISTS(SELECT 1 FROM emp WHERE fruits = 'mango')
INSERT INTO emp (fruits) VALUES ('mango')
Have you tried this?
INSERT INTO table (a,b,c) VALUES (1,2,3) ON DUPLICATE KEY UPDATE c=c+1;
If you want to update a record in the database you need to get the UniqueID of the record in the table.
To do this For instance if you are going to update your personal info
Select ID, LastName, FirstName, DateofBirth from PersonalTable
If you get dataset
get the ID in Viewstate
UPDATE PersonalTable SET (LastName,FirstName,DateofBirth) = '" + xyz + "', '" + yzx + "', " + 01/01/2013 + " WHERE id= Viewstate("ID")
if you dont get use the insert query
Happy Coding